Package org.apache.nifi.security.util
Class StandardTlsConfiguration
java.lang.Object
org.apache.nifi.security.util.StandardTlsConfiguration
- All Implemented Interfaces:
TlsConfiguration
This class serves as a concrete immutable domain object (acting as an internal DTO)
for the various keystore and truststore configuration settings necessary for
building
SSLContexts.-
Nested Class Summary
Nested Classes -
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final Stringprivate final Stringprivate final Stringprivate final KeystoreTypeprivate static final Stringprivate static final Stringprivate final Stringprotected static final Stringprotected static final Stringprivate static final Stringprivate final Stringprivate final Stringprivate final KeystoreType -
Constructor Summary
ConstructorsConstructorDescriptionDefault constructor present for testing and completeness.StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType) Instantiates a container object with the given configuration values.StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType, String protocol) Instantiates a container object with the given configuration values.StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) Instantiates a container object with the given configuration values.StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType, String protocol) Instantiates a container object with the given configuration values.StandardTlsConfiguration(String keystorePath, String keystorePassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) Instantiates a container object with the given configuration values.Instantiates a container object with a deep copy of the given configuration values. -
Method Summary
Modifier and TypeMethodDescriptionbooleanstatic TlsConfigurationfromNiFiProperties(Properties niFiProperties) Returns aTlsConfigurationinstantiated from the relevant NiFi properties.static TlsConfigurationfromNiFiProperties(NiFiProperties niFiProperties) Returns aTlsConfigurationinstantiated from the relevant NiFi properties.static StandardTlsConfigurationfromNiFiPropertiesTruststoreOnly(NiFiProperties niFiProperties) Returns aTlsConfigurationinstantiated from the relevantNiFiPropertiesproperties for the truststore only.String[]Get Enabled TLS Protocols translates SSL to legacy protocols and TLS to current protocols or returns configured protocolprivate URLgetFileUrl(String path) Returns the "working" key password -- if the key password is populated, it is returned; otherwise thegetKeystorePassword()is returned.Returns"********"if the functional key password is populated,"null"if not.Returns"********"if the key password is populated,"null"if not.Returns"********"if the keystore password is populated,"null"if not.String[]Returns aString[]containing the keystore properties for logging.Returns"********"if the truststore password is populated,"null"if not.String[]Returns aString[]containing the truststore properties for logging.inthashCode()booleanReturnstrueif any of the keystore properties is populated, indicating that the caller expects a valid keystore to be generated.private booleanisAnyPopulated(String path, String password, KeystoreType type) booleanReturnstrueif any of the truststore properties is populated, indicating that the caller expects a valid truststore to be generated.booleanReturnstrueif the necessary properties are populated to instantiate a keystore.booleanReturnstrueif the necessary properties are populated and the keystore can be successfully instantiated (i.e.private booleanisStorePopulated(String path, String password, KeystoreType type, StandardTlsConfiguration.StoreType storeType) private booleanisStoreValid(String path, String password, KeystoreType type, StandardTlsConfiguration.StoreType storeType) booleanReturnstrueif the necessary properties are populated to instantiate a truststore.booleanReturnstrueif the necessary properties are populated and the truststore can be successfully instantiated (i.e.private static StringmaskPasswordForLog(String password) toString()
-
Field Details
-
SSL_PROTOCOL
- See Also:
-
TLS_PROTOCOL
- See Also:
-
TLS_PROTOCOL_VERSION
-
MASKED_PASSWORD_LOG
- See Also:
-
NULL_LOG
- See Also:
-
keystorePath
-
keystorePassword
-
keyPassword
-
keystoreType
-
truststorePath
-
truststorePassword
-
truststoreType
-
protocol
-
-
Constructor Details
-
StandardTlsConfiguration
public StandardTlsConfiguration()Default constructor present for testing and completeness. -
StandardTlsConfiguration
public StandardTlsConfiguration(String keystorePath, String keystorePassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) Instantiates a container object with the given configuration values.- Parameters:
keystorePath- the keystore pathkeystorePassword- the keystore passwordkeystoreType- the keystore typetruststorePath- the truststore pathtruststorePassword- the truststore passwordtruststoreType- the truststore type
-
StandardTlsConfiguration
public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) Instantiates a container object with the given configuration values.- Parameters:
keystorePath- the keystore pathkeystorePassword- the keystore passwordkeyPassword- the key passwordkeystoreType- the keystore typetruststorePath- the truststore pathtruststorePassword- the truststore passwordtruststoreType- the truststore type
-
StandardTlsConfiguration
public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType) Instantiates a container object with the given configuration values.- Parameters:
keystorePath- the keystore pathkeystorePassword- the keystore passwordkeyPassword- the key passwordkeystoreType- the keystore type as a StringtruststorePath- the truststore pathtruststorePassword- the truststore passwordtruststoreType- the truststore type as a String
-
StandardTlsConfiguration
public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType, String protocol) Instantiates a container object with the given configuration values.- Parameters:
keystorePath- the keystore pathkeystorePassword- the keystore passwordkeyPassword- the (optional) key password -- ifnull, the keystore password is assumed the same for the individual keykeystoreType- the keystore type as a StringtruststorePath- the truststore pathtruststorePassword- the truststore passwordtruststoreType- the truststore type as a Stringprotocol- the TLS protocol version string
-
StandardTlsConfiguration
public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType, String protocol) Instantiates a container object with the given configuration values.- Parameters:
keystorePath- the keystore pathkeystorePassword- the keystore passwordkeyPassword- the (optional) key password -- ifnull, the keystore password is assumed the same for the individual keykeystoreType- the keystore typetruststorePath- the truststore pathtruststorePassword- the truststore passwordtruststoreType- the truststore typeprotocol- the TLS protocol version string
-
StandardTlsConfiguration
Instantiates a container object with a deep copy of the given configuration values.- Parameters:
other- the configuration to copy
-
-
Method Details
-
fromNiFiProperties
Returns aTlsConfigurationinstantiated from the relevant NiFi properties.- Parameters:
niFiProperties- the NiFi properties- Returns:
- a populated TlsConfiguration container object
-
fromNiFiProperties
Returns aTlsConfigurationinstantiated from the relevant NiFi properties.- Parameters:
niFiProperties- the NiFi properties, as a simple java.util.Properties object- Returns:
- a populated TlsConfiguration container object
-
fromNiFiPropertiesTruststoreOnly
public static StandardTlsConfiguration fromNiFiPropertiesTruststoreOnly(NiFiProperties niFiProperties) Returns aTlsConfigurationinstantiated from the relevantNiFiPropertiesproperties for the truststore only. No keystore properties are read or used.- Parameters:
niFiProperties- the NiFi properties- Returns:
- a populated TlsConfiguration container object
-
getKeystorePath
- Specified by:
getKeystorePathin interfaceTlsConfiguration
-
getKeystorePassword
- Specified by:
getKeystorePasswordin interfaceTlsConfiguration
-
getKeystorePasswordForLogging
Returns"********"if the keystore password is populated,"null"if not.- Specified by:
getKeystorePasswordForLoggingin interfaceTlsConfiguration- Returns:
- a loggable String representation of the keystore password
-
getKeyPassword
- Specified by:
getKeyPasswordin interfaceTlsConfiguration
-
getKeyPasswordForLogging
Returns"********"if the key password is populated,"null"if not.- Specified by:
getKeyPasswordForLoggingin interfaceTlsConfiguration- Returns:
- a loggable String representation of the key password
-
getFunctionalKeyPassword
Returns the "working" key password -- if the key password is populated, it is returned; otherwise thegetKeystorePassword()is returned.- Specified by:
getFunctionalKeyPasswordin interfaceTlsConfiguration- Returns:
- the key or keystore password actually populated
-
getFunctionalKeyPasswordForLogging
Returns"********"if the functional key password is populated,"null"if not.- Specified by:
getFunctionalKeyPasswordForLoggingin interfaceTlsConfiguration- Returns:
- a loggable String representation of the functional key password
-
getKeystoreType
- Specified by:
getKeystoreTypein interfaceTlsConfiguration
-
getTruststorePath
- Specified by:
getTruststorePathin interfaceTlsConfiguration
-
getTruststorePassword
- Specified by:
getTruststorePasswordin interfaceTlsConfiguration
-
getTruststorePasswordForLogging
Returns"********"if the truststore password is populated,"null"if not.- Specified by:
getTruststorePasswordForLoggingin interfaceTlsConfiguration- Returns:
- a loggable String representation of the truststore password
-
getTruststoreType
- Specified by:
getTruststoreTypein interfaceTlsConfiguration
-
getProtocol
- Specified by:
getProtocolin interfaceTlsConfiguration
-
isKeystorePopulated
public boolean isKeystorePopulated()Returnstrueif the necessary properties are populated to instantiate a keystore. This does not validate the values (seeisKeystoreValid()).- Specified by:
isKeystorePopulatedin interfaceTlsConfiguration- Returns:
- true if the path, password, and type are present
-
isAnyKeystorePopulated
public boolean isAnyKeystorePopulated()Returnstrueif any of the keystore properties is populated, indicating that the caller expects a valid keystore to be generated.- Specified by:
isAnyKeystorePopulatedin interfaceTlsConfiguration- Returns:
- true if any keystore properties are present
-
isKeystoreValid
public boolean isKeystoreValid()Returnstrueif the necessary properties are populated and the keystore can be successfully instantiated (i.e. the path is valid and the password(s) are correct).- Specified by:
isKeystoreValidin interfaceTlsConfiguration- Returns:
- true if the keystore properties are valid
-
isTruststorePopulated
public boolean isTruststorePopulated()Returnstrueif the necessary properties are populated to instantiate a truststore. This does not validate the values (seeisTruststoreValid()).- Specified by:
isTruststorePopulatedin interfaceTlsConfiguration- Returns:
- true if the path, password, and type are present
-
isAnyTruststorePopulated
public boolean isAnyTruststorePopulated()Returnstrueif any of the truststore properties is populated, indicating that the caller expects a valid truststore to be generated.- Specified by:
isAnyTruststorePopulatedin interfaceTlsConfiguration- Returns:
- true if any truststore properties are present
-
isTruststoreValid
public boolean isTruststoreValid()Returnstrueif the necessary properties are populated and the truststore can be successfully instantiated (i.e. the path is valid and the password is correct).- Specified by:
isTruststoreValidin interfaceTlsConfiguration- Returns:
- true if the truststore properties are valid
-
getKeystorePropertiesForLogging
Returns aString[]containing the keystore properties for logging. The order isgetKeystorePath(),getKeystorePasswordForLogging(),getFunctionalKeyPasswordForLogging(),getKeystoreType()(using the type or "null").- Specified by:
getKeystorePropertiesForLoggingin interfaceTlsConfiguration- Returns:
- a loggable String[]
-
getTruststorePropertiesForLogging
Returns aString[]containing the truststore properties for logging. The order isgetTruststorePath(),getTruststorePasswordForLogging(),getTruststoreType()(using the type or "null").- Specified by:
getTruststorePropertiesForLoggingin interfaceTlsConfiguration- Returns:
- a loggable String[]
-
getEnabledProtocols
Get Enabled TLS Protocols translates SSL to legacy protocols and TLS to current protocols or returns configured protocol- Specified by:
getEnabledProtocolsin interfaceTlsConfiguration- Returns:
- Enabled TLS Protocols
-
toString
-
equals
-
hashCode
public int hashCode() -
maskPasswordForLog
-
isAnyPopulated
-
isStorePopulated
private boolean isStorePopulated(String path, String password, KeystoreType type, StandardTlsConfiguration.StoreType storeType) -
isStoreValid
private boolean isStoreValid(String path, String password, KeystoreType type, StandardTlsConfiguration.StoreType storeType) -
getFileUrl
-